Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/r4nO9Lkxg2lvNoe3sEPc8CvuJQY.roa
File:                     r4nO9Lkxg2lvNoe3sEPc8CvuJQY.roa (raw, json)
Hash identifier:          GRIzTgrov0I8Io/8uXxwsJ4PX2TC18wdKVjiUiTBxX8=
Subject key identifier:   AF:89:CE:F4:B9:31:83:69:6F:36:87:B7:B0:43:DC:F0:2B:EE:25:06
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0197091B043FDAF59D79DFCA611A225FD667
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/r4nO9Lkxg2lvNoe3sEPc8CvuJQY.roa
Signing time:             Sun 25 May 2025 20:20:54 +0000
ROA not before:           Sun 25 May 2025 20:20:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206305
IP address blocks:        2a13:b9c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:09:1b:04:3f:da:f5:9d:79:df:ca:61:1a:22:5f:d6:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May 25 20:20:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af89cef4b93183696f3687b7b043dcf02bee2506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a6:ee:34:31:4c:fa:6a:fd:29:03:59:a8:12:
                    46:94:1f:04:74:5b:43:c6:ae:06:c6:cc:52:05:3b:
                    e4:ac:c4:96:fd:05:d3:12:77:39:bc:61:4c:22:f7:
                    fe:01:0c:65:a4:25:db:d3:be:8b:9e:10:ef:9f:f9:
                    41:94:b0:2c:85:08:94:9f:6e:1b:b5:ba:12:ce:fb:
                    b0:58:32:d1:c6:bb:5e:41:31:b6:d1:01:c9:39:b6:
                    90:70:97:4f:af:cd:b0:b6:59:19:9b:1f:f4:77:b0:
                    3b:9a:19:39:b0:ba:44:8e:6e:97:ef:a2:46:10:ff:
                    55:33:33:fb:0c:fe:a2:22:62:73:a0:67:22:3c:05:
                    10:89:40:03:be:af:82:d2:58:57:47:88:0e:3a:c5:
                    65:07:7d:b8:4a:53:8c:55:57:0d:2b:db:17:fe:29:
                    9f:e6:1b:f8:48:f1:51:3c:d7:a7:f1:a1:72:f5:8e:
                    76:1c:42:fa:ee:bd:0c:c9:21:34:23:bc:2a:c0:b3:
                    58:35:01:34:48:06:60:90:bd:11:67:b9:c2:ad:09:
                    42:0a:a5:7d:bd:c1:ef:0e:b5:47:dd:01:37:40:5f:
                    22:12:f0:1a:d2:2b:75:fd:a1:dc:0d:6c:2c:b7:f1:
                    21:d2:fa:bb:fd:ab:f8:b4:d0:20:5e:52:fc:1a:91:
                    ad:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:89:CE:F4:B9:31:83:69:6F:36:87:B7:B0:43:DC:F0:2B:EE:25:06
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/r4nO9Lkxg2lvNoe3sEPc8CvuJQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         70:d9:1e:13:f3:cf:20:00:cb:14:15:a2:a7:5e:ad:d3:8f:72:
         03:cb:f4:69:0a:b9:6b:c8:c6:18:c8:e9:af:7c:da:fd:c3:33:
         08:23:71:68:eb:80:02:f8:6a:6b:91:aa:cb:06:86:a8:5b:c9:
         c6:61:ec:bc:88:d5:e7:62:52:c7:89:e2:bc:a5:91:37:9f:de:
         9f:d1:a3:05:59:08:8b:46:ae:35:a8:70:f1:d1:98:29:76:47:
         7f:09:85:59:fc:e6:3c:57:49:24:70:c7:bd:61:01:61:2e:ae:
         15:5b:da:80:57:d8:cd:49:32:f0:a0:67:54:99:e5:ed:9b:17:
         8b:19:66:e9:29:c6:6c:a7:f5:75:b9:e0:c2:e6:0c:ea:f5:44:
         3a:88:bb:e4:d6:da:24:75:e5:4f:eb:b7:3b:b8:71:ef:9c:47:
         51:6c:20:ee:f9:af:4f:aa:0f:a9:72:84:51:60:2f:50:b0:40:
         bf:d9:43:d1:0e:01:bd:7b:c6:8a:20:16:58:67:dc:2f:42:9b:
         1a:8a:aa:48:99:02:9c:05:06:03:8d:63:59:07:a1:b6:f1:fb:
         82:c4:50:0f:38:dc:53:90:55:aa:c4:7a:62:26:2a:8d:e4:6a:
         65:e9:35:9f:33:56:f2:ff:d8:a6:12:e8:1e:26:03:10:89:e3:
         a0:0c:d4:49
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcJGwQ/2vWded/KYRoiX9ZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwNTI1MjAyMDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjg5Y2VmNGI5MzE4MzY5NmYzNjg3YjdiMDQzZGNmMDJiZWUyNTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKbuNDFM+mr9KQNZqBJGlB8EdFtD
xq4GxsxSBTvkrMSW/QXTEnc5vGFMIvf+AQxlpCXb076LnhDvn/lBlLAshQiUn24b
tboSzvuwWDLRxrteQTG20QHJObaQcJdPr82wtlkZmx/0d7A7mhk5sLpEjm6X76JG
EP9VMzP7DP6iImJzoGciPAUQiUADvq+C0lhXR4gOOsVlB324SlOMVVcNK9sX/imf
5hv4SPFRPNen8aFy9Y52HEL67r0MySE0I7wqwLNYNQE0SAZgkL0RZ7nCrQlCCqV9
vcHvDrVH3QE3QF8iEvAa0it1/aHcDWwst/Eh0vq7/av4tNAgXlL8GpGt7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK+JzvS5MYNpbzaHt7BD3PAr7iUGMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvcjRuTzlMa3hnMmx2Tm9lM3NFUGM4Q3Z1SlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhO5wDAN
BgkqhkiG9w0BAQsFAAOCAQEAcNkeE/PPIADLFBWip16t049yA8v0aQq5a8jGGMjp
r3za/cMzCCNxaOuAAvhqa5GqywaGqFvJxmHsvIjV52JSx4nivKWRN5/en9GjBVkI
i0auNahw8dGYKXZHfwmFWfzmPFdJJHDHvWEBYS6uFVvagFfYzUky8KBnVJnl7ZsX
ixlm6SnGbKf1dbngwuYM6vVEOoi75NbaJHXlT+u3O7hx75xHUWwg7vmvT6oPqXKE
UWAvULBAv9lD0Q4BvXvGiiAWWGfcL0KbGoqqSJkCnAUGA41jWQehtvH7gsRQDzjc
U5BVqsR6YiYqjeRqZek1nzNW8v/YphLoHiYDEInjoAzUSQ==
-----END CERTIFICATE-----